rb5.conf with my local site AD DC ?
Big thanks to you and Jakub, my employer and I are very glad that this
issue is finally resolved =)
On Tue, Aug 15, 2017 at 3:45 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On ma, 14 elo 2017, Alexandre Pitre via FreeIPA-users wrote:
>
>&
Although, the explanation from Alexander Bokovoy made perfect sense, I'm
still facing the issue after I re-established the AD trust successfully:
(Tue Aug 15 02:23:40 2017) [sssd[be[domain.ad.com]]] [sdap_cli_auth_step]
(0x1000): the connection will expire at 1502764720
(Tue Aug 15 02:23:40 2017)
Turns out, I'm still getting the same problem. It works right away after I
force clean the sssd cache: systemctl stop sssd ; rm -f /var/lib/sss/db/*
/var/log/sssd/* ; systemctl start sssd
After some time, trying to log back on the same system I see the login
prompt is much quicker when I type
d.
Thanks,
Alex
On Jul 27, 2017 04:08, "Jakub Hrozek via FreeIPA-users" <
freeipa-users@lists.fedorahosted.org> wrote:
> On Thu, Jul 27, 2017 at 02:34:06AM -0400, Alexandre Pitre via
> FreeIPA-users wrote:
> > I uploaded krb5_child.log and ldap_child.log to
> > http
wrote:
>
> On 7 Aug 2017, at 20:02, Alexandre Pitre via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> The client is in the IPA domain. Although it's sub-domain of ad.com, I
> did delegate it and configure the IPA servers as name servers. It uses a
>
healthy.AD trust agent/controller server role are
installed on both.
ipa trustdomain-find ad.com does return all of my AD domains on both IPA
servers.
Thanks,
Alex
On Sun, Aug 6, 2017 at 11:07 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> On 4 Aug 2017, at 23:08, Alexandre P
> Error: Unspecified GSS failure. Minor c
> ode may provide more information (Server krbtgt/ad@ipa.ad.com not
> found in Kerberos database)]
>
> Is your client hostname in the AD domain (centos.domain.ad.com) or in the
> IPA domain (ipa.ad.com) ?
>
> Thanks,
> Alex
>
&
Hi,
I had two freeipa replica servers up and running in our german DC for
nearly 2 months and this morning out of the blue they stopped working.
Looking at ipactl status, both servers are reporting that their directory
service is stopped. Trying to restart ipa only works from 2 minutes to an
he data generation and other replicas have
> to be reinitialized for replication to work again
>
> Ludwig
>
> On 11/28/2017 04:37 AM, Alexandre Pitre via FreeIPA-users wrote:
>
> I managed to remove the replication conflicts but the orignal issue
> persist. I found a couple of trig
Is this a good practice ?
Thanks,
Alex
On Tue, Dec 19, 2017 at 5:13 AM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On Mon, Dec 18, 2017 at 06:59:25PM -0500, Alexandre Pitre via
> FreeIPA-users wrote:
> > Hi,
> >
> > While troubleshooti
Hi,
I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple groups
with the sudorule-add-user command.
Example:
ipa sudorule-add-user sudorule --groups=group1,group2
Failed users/groups:
member user:
member group: group1,group2
-
Number of members
Would you look at that! Problem solved.Thanks.
On Tue, Oct 24, 2017 at 12:08 PM, Rob Crittenden <rcrit...@redhat.com>
wrote:
> Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple
> > groups w
Crittenden <rcrit...@redhat.com>
wrote:
> Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I recently deployed a new FreeIPA domain running on CentOS 7.4 and
> > FreeIPA 4.5
> >
> > The installation went without hiccups but the WebUI isn't working
SELinux is disabled in our CentOS template. Good hypothesis tho.
On Jan 18, 2018 01:36, "Tony Brian Albers via FreeIPA-users" <
freeipa-users@lists.fedorahosted.org> wrote:
> On 01/18/2018 02:24 AM, Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I r
Hi,
I recently deployed a new FreeIPA domain running on CentOS 7.4 and FreeIPA
4.5
The installation went without hiccups but the WebUI isn't working as
expected. Logging in with admin failed with this error:
Login failed due to an unknow reason.
I've seen this issue with every FreeIPA 4.5
Earlier this week, users reported they could no longer ssh to freeipa
joined servers using their AD login. After some inverstigation, it was
discovered if krb5_validate was set to false in the sssd.conf, AD ssh login
would start working again.
One of our IPA server is showing these errors in
Thanks Alexander that was it.
On Wed, Feb 14, 2018 at 6:06 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On ke, 14 helmi 2018, Alexandre Pitre via FreeIPA-users wrote:
>
>> Earlier this week, users reported they could no longer ssh to freeipa
>> joined servers usi
Hi Jakub,
I understand that cache_first=true is set in the [nss] section of
/etc/sssd/sssd.conf but what about the negative cache setting you are
referring to ? Could you please give an example ?
Looking at https://jhrozek.fedorapeople.org/sssd/1.16.2/man/sssd.conf.5.html
, there's a few
18 matches
Mail list logo